Chipotle!

It was announced today that Chipotle would replace Novell in the S&P 500 index.

No, Chipotle is not some new technology company, or the result of the Novell-Attachmate merger. It's a national chain of fast casual dining restaurants.

This today as I listen to a former Novell whiz kid and ZEN Master address an audience of CIO's about (gulp) Microsoft products.

How far the mighty have fallen.

Of Smartphones and Sycophants

Naturally, like everyone else in the world, we are faced with the fact that people want to use their own gadgets to do work stuff. The chants are increasing and getting higher up the ladder, which has made for an interesting set of philosophical conversations around the importance of technology to the business - conversations we've never really had.

It started, predictably, with the iPhone 3. Immensely popular, that was the sound of the first shot so to speak. IT had plausible deniability though - lack of encryption support would undoubtedly result in company data making its way into unscrupulous Russian hackers who walked by with Bond-esque electronic plot devices. With the advent of the the 3GS, IT had to work a little bit harder to stem the tide - they would be difficult (i.e. expensive) to manage, and wouldn't have the same controls as our beloved BlackBerries.

But the screens were awesome on these things, and old eyes kept begging..."Please, please give me more than a postage stamp-sized display for my e-mail, since I can only read it at 72pt."

This whole time, RIM was working on their strategy - an iPhone imitator with all the warm fuzziness of BlackBerry Enterprise Server security & controls. "Awesome!" said the IT department, "That'll shut 'em up!"

We were wrong.

The device RIM delivered was called the "Torch", and it sucked. It sucked worse than anything has ever sucked before. How in the world did the brilliant minds at RIM - the people who created the damned smart phone to begin with - end up laying such a huge turd? Who knows how, but they did. It was bad by all accounts, universally decried as slow and clumsy and a really poor effort from a company that appeared to be well past it's prime.

Crud.

We didn't even bother buying any - we knew people would hate them and the demands would arise anew, but louder, for iPhones. Oh, and Droids! Don't forget the Android devices! We love them, they tell us, because they have an app that turns my phone into a level and it's "open" - nyah nyah, take that Apple f4nb0yz!

How do you explain to people who are operating at that level, that there is A LOT more to supporting these things than simply pointing them at Exchange ActiveSync? They aren't going to get it, and don't really care.

If only there was another option...

Enter the Windows 7 Phone. or Windows Phone 7. I keep flip-flopping on which I like less. I suppose there were Windows Phones before this one, but I don't know anyone outside of Redmond who used them - and even they seemed to do so grudgingly.

It has the same form factor as the Androids. It has the same pretty display, the same touch-screen feature, the same glossy interface gestures as iPhone, but it's just a little different. It has a number of negatives, to be sure - there aren't nearly as many things you can do with it in terms of App availability (I can't believe I have to capitalize App now so that people know what I mean). But, it is made by Microsoft, which means it should work really well with all this other Microsoft stuff we have. Right? Wait, no...right???!?

Facepalm.

It has Word, which is cool. It has Excel and PowerPoint even, and OneNote - nice. It has Outlook, which works well with Exchange as one might expect. But it trips over itself going the extra mile. Want to read PDF's? Create a Live ID and sign-in - hey, it's good enough for Apple! - even though the app is completely free. So much for appealing to enterprise customers at all.

If Microsoft ever figures out what an incredible platform they have in Windows 7 Phone / Windows Phone 7, it will be a dark day somewhere in Canada where incredibly nice people are failing miserably to make a compelling 21st century mobile device. There are a handful of options, probably not difficult to implement, that would make this consumer "also ran" into the dominant, if not singular option for corporate customers. Which, by the way, are the ones who have all the money.

Windows Phone 7 does a lot of things very well. The interface is well thought out and is a refreshing alternative to iOS. It looks good. You like using it. It's fast, at least on the Samsung and LG devices we've tried. It has a big screen that is easy to read. The camera is brilliant, and the video capture & playback are also fantastic. It does social well, even if you don't want it to.

Old fogies who use BlackBerry handhelds don't give a rip about Apps. That means this device would be perfect for them, because it doesn't have many. If only I could provision them complete with a handful of free apps like Acrobat reader and settings for our corporate wireless standard over the air, not require Live ID's, and not require Zune for updates. If only I could have them act as if they were on our private network - like BES phones - where our content filter and internal servers would be available to them. If only I could join them to my domain and have them controllable via GPO, or at least use NTLM authentication to our SharePoint 2007 sites (rather than making us re-deploy on 2010 with forms-based options enabled, which we can't do today). If only there were native integration with OCS 2007 or Lync for updating presence, having video chats, etc. If only there were a built-in RDP client.

It's an incredibly powerful platform, but not an especially good phone. If I'm lucky, Microsoft will figure this out and actually leverage it to embrace and reward enterprise customers...because the consumer ship has sailed, and it's flying an Apple spinnaker.

To Virtualize Desktops...

...or not to virtualize desktops. That, is the question.

I'm embarking on a journey of discovery regarding all things VDI lately. Our use case scenarios here are probably heavier than normal, and our organization's layout is definitely more WAN dependent than "normal". So we need to find out what is real, what is hype, and what (if anything) will work for us in this space.

Found a good resource here: Validated Design Resources. This is the best collection of technical docs I've found covering NetApp, VMWare, and Citrix Xen Desktop - on Cisco hardware, which seems a little bit like an odd marriage. You can tell where the funding came from.

VMWare View and PCoIP appear to have some real potential for us, especially in the graphics-intensive environments, but it remains to be seen what kind of scalability we would experience given our workloads. More to come as we learn it.

Crazy Ivan

We recently had a departure of a senior resource that prompted us to go through all of our administrative passwords for the (frankly, surprising number of) systems we manage and update them.

The great fear and apprehension we and everyone feels about changing root or admin passwords is that it's never really crystal clear - I'm talking about vendor documentation in particular - what might break when you do. Like many small-to-mid size shops, we don't do this very often, because it doesn't add money to the bottom line and we have more work than we can handle just keeping the important stuff running smoothly.

But there is value in the exercise. Not for the stuffed-shirt security-Nazi / audit-police reasons, but because it's easy to lose sight of hundreds and thousands of incremental additions and changes to the network - even if you have a careful change control process.

So we did the password change, and by and large, we did a good job of identifying important systems we knew to be using the passwords and prepare them accordingly. In one instance, we missed one, but knew exactly what was wrong and were able to quickly find where it had stored admin credentials. Another surfaced later in the week, that shouldn't have been using admin credentials at all. Sometimes, if you're not real careful, a lab effort can go so well that you just move straight into production rather than re-build everything from scratch. Time is money, after all. Easy enough to fix, create a new set of credentials for that system and move on.

That latter scenario - something breaking that never in a million years would have been expected to be using admin credentials - repeated itself twice. The people responsible for it are, interestingly, the people responsible for us wanting to change the passwords in the first place.

In the movie "Hunt for Red October", the captains of Russian submarines would spontaneously make a sharp turn one direction or the other. This prevented them from getting a false sense of security - the natural tendency when everything is going well to consider it a result of intention rather than chance. "If it ain't broke, don't fix it." The maneuver was called a "Crazy Ivan", and an experienced U.S. submarine crew knew to expect it and keep following undetected - but only if they knew which way to turn.

If it's been a while since you've changed admin passwords, consider doing a Crazy Ivan of your own - not because you should distrust employees, but because you should distrust your ability to remember whether or not everything you put into production is following best practices.

The Year of the Pad

It doesn't take a genius to figure out that 2011 will be the year of the tablet computer. Some people still think this means Windows-based tablet edition PC's or laptop hybrids/convertibles, but it really means the NEW tablet - Pads.

My worst fears have become a reality - the iPad has been ridonkulously successful and has spawned an entire industry of me-too Johnny-come-lately impersonators. So reality being what it is (inescapable), we'll have to adjust.

CES this week showcased Google's latest Android OS, which is being called Honeycomb in a manner consistent with their irritatingly quirky penchant for naming their releases. Froyo is as stupid to say as it is to write, and whoever had that idea should be punched someplace tender for a few hours (or at least once for every time an IT executive has been forced to use the term).

Its goofy name aside, it did look impressive in the live demo. It was running on Motorola hardware, and one would fairly imagine that any and every Apple competitor will be cheaper than Big White. If the ActiveSync support is good, well, it's hard to say no.

In quite an about-face, we've actually been talking about supporting these things. Even down to the iPhone. There have emerged some very compelling business apps that bring a sort of Star Trek futurism into the present day. It's amazing how powerful information can be when it is easy to access and truly portable. If only wireless networks were worth a damn. There are a couple of SharePoint apps that do a fantastic job of present collaboration spaces in Apple's intuitive (and almost ubiquitous now) touch interface. With iOS at least, handling PDF's and Office document types requires no configuration at all. Modifying lists is simple and fast. And if all else fails, you just fire up Safari and do things the old fashioned way.

I would still not personally pay for an iPad, but if the company provides one, I'm confident I would be able to replace my laptop with it for daily use. Or perhaps go to a modest desktop configuration and travel only with the iPad. I've done enough testing with it to have become used to them, and my shoulder / back would definitely appreciate it. The apps are 95% there, and improve far more rapidly than their shrink-wrapped counterparts. For all the concerns bandied about, I really do see these as far easier to manage than traditional computers. In the right environment, they would be a brilliant way to augment virtual desktop initiatives.

Some polls show people flocking towards standardization as if that is what IT needs to be able to effectively manage these devices. I can't personally see why that would be the case unless you plan on doing A LOT of development - certainly far more people advocate standardization than I imagine really need it. ActiveSync with Exchange 2007 or later is really adequate for most small-to-medium organizations right out of the box, and it puts the onus on the device - not the admin - to work properly. The most IT would NEED to do is plainly state which OS platforms and versions it wants to support based on their risk profiles.

The only constant is change. Customers first. Antidepressants are fun!

You're Being Throttled

One of the things you become aware of when you buy more internet bandwidth than you need, is that no matter how fast your connection is, the other side is probably throttling you down. Big sites do this all the time - we have 50Mbps here, and a single download will rarely exceed 6-7Mbps from Microsoft, VMWare, Novell, IBM, etc. as we get patches or ISO's for products. There is a point at which, no matter what, your downloads will not get any faster. It's not a CPU, memory, or LAN bottleneck on your firewalls, not a latency issue, not 70% or more of network overhead - nothing but simple traffic control implemented at the far end.

Never turn down more bandwidth for less money if you can get it, but definitely be cognizant of the fact that if you're not using all the bandwidth you have today - even during spikes - things won't get faster just because you buy more. If you have a big pipe and internet sites still aren't fast enough, it's probably out of your hands.

If you think about it...

...GUI's like Windows and the original Mac OS pretty much destroyed any real ability a company had to secure its data from walking away. Going back in time, the last instance I can think of where information was not portable was in custom-apps or databases on character based terminals or PC's. Of course you could argue that the dot matrix printer would have probably been the real death knell of distributed computing information security. It's not like you could lock that stuff down back in the day.

In modern times though, the ability to cut & paste in browsers, command prompt windows, etc. means you have to jump through enormous hurdles to institute a truly read-only security level for your data, meaning it only exists within an application and can only be read on-screen. If it's possible at all (it may be and I just don't know what products one would use to perform Windows surgery to disable any cut/paste ability anywhere).

All of the effort an administrator could go through would still be vulnerable to something that renders the measures moot - either that or you have so greatly impacted user productivity that the question becomes why let them come to work at all?

Just once in a while it seems like it would make sense if it were at least a little easier for companies to say "you can see this, but you can't do anything else with it" - especially in browser based apps. Yes it may be possible with a lot of custom coding or third-party products, but they're all essentially working around a fundamental oversight in information security inherent to GUI's. Can't we patch that? Like a GPO setting that disables the ability to select text in a DOS window on a per-user basis, or that disables text selection per-user or per-URL wildcard entry in a list. I bet people would use it if they had it.

Computers - especially networked systems - are inherently insecure. Data breaches and loss should really be expected, frankly. If your data is really that valuable, don't put it on a computer. At least not until OS manufacturers start to take it seriously.

Why Communication Matters

You've probably heard your fair share of cliches about the importance of communication. How "it's impossible to over-communicate", etc. And there is some value in reinforcing the fact that bad things happen when people take for granted that everyone around them knows what is going on. The advice you hear is usually centered around communicating status, or effectively managing change.

What happens if you can't - not because you aren't good at it, but because, well, you just can't.

Healthy and effective communication are dependent upon healthy and effective relationships. You can "communicate" until you're blue in the face - if you do not have the respect of the people you're addressing, it won't matter.

If you're a leader in particular, it's crucial to go out of your way to establish strong relationships with your subordinates, peers, and supervisors. I have an example of why I feel so strongly about this.

If you have a chilly relationship with a co-worker, where conversations are tense or cold or generally unpleasant, you will not communicate with them as often as you should. Consciously or sub-consciously, you will begin a futile effort of trying to anticipate their reactions to whatever you have to tell them, and because humans do that which is least painful, you'll avoid communicating with them until you get too far down the path (or worse, go in the wrong direction).

You may try overly hard to perfect whatever you're working on for your supervisor if you simply cannot get comfortable dealing with them, and what you end up with will have taken longer and not be as good as it could have been if you were working more closely - communicating more frequently and in smaller chunks.

Progress is impossible without collaboration; collaboration is impossible without communication; communication is impossible without relationships. People can have respect for leaders without liking them - that scenario may be fine in the military where collaboration is scarce or where matters of life-or-death put the importance of friendliness on the back burner, but it's a recipe for inefficiency and mediocrity in the enterprise.

If you're a leader, or you are subordinate to someone with whom you do not have a great relationship, do everyone a favor and make a renewed effort to get there.

People who have talent and respect for themselves do not want to work someplace where their efforts do not result in success. Talented people live for the chance to successfully meet challenges. If that's you, recognize the truth of this - you will never, ever get it done as well by yourself as you can with a team of people who share strong relationships. You owe it to yourself as a leader (by fiat, de facto or otherwise) to do whatever it takes to put differences or past issues aside, focus on the positives with everyone, and break down barriers to communication.

The Torch

I've been evaluating a BlackBerry Torch for the past few days. It's a pretty phone, but I can certainly understand what people were talking about when the early reviews came in blasting it as not ready for prime-time.

The interface is somewhat clunky to operate - distinctly unlike BlackBerry's of the past. It's slow, in about every respect - perhaps because you're used to things working instantly on a traditional RIM device. It is buggy - I've had the screen lock in sideways mode just pulling it out of my pocket, and couldn't get it un-stuck but to press the dial button. The layout and operation takes some getting used to, and the screen is so sensitive, you often finding it doing things you had no intention of it doing. This device would turn a 30 year old systems engineer into a 70 year old car salesman...muttering, "what dit...why?...no, go back...how did I..."

The screen is good, and people I call say I sound great in either handset or speakerphone mode, but that's where the compliments begin and end. I constantly hear my own voice in a robotic, almost water-in-the-ear "echo" when using it as a handset phone, and it's really irritating. Then of course, we have the AT&T network's propensity to drop calls at will - so it's obviously not a device problem.

We did learn you can press ALT+"n m l l" to have the handset display the actual signal strength in dBm (I think it's dBm). It's at least more useful than counting bars. I see it bounce between -70 and -130 sitting at my desk, immobile. When it does say -70, it's typically not doing anything - as soon as you start hitting the mobile network, it falls like a stone. Still goes back and forth between GPRS / EDGE and 3G - I've probably talked about this before.

Anyway, we won't be deploying them, and that's all that matters. We have a couple hundred RIM handhelds, and I don't want a fleet of people who have devices they hate. Probably for the first time ever, we'll start looking into MobileIron or Good for Enterprise to open the gates a bit. When Amazon starts chopping the price of a new smartphone in half less than a week after it debuts, it's not a good sign. RIM is, as Gordon Ramsay would say, "Deep in the $#!+".

This iPad Nonsense

I hope to look back at this post in a few years' time and think of the iPad as the Newton - really cool at the time but totally over-hyped. I fear that this will not however be the case.

It's a neat device like everything Apple does. The appeal of a $650 gigantic iPod Touch remains lost on me however. Yes, books and magazines look great. Yes, through WiFi, it's quick. Mostly. Yes, there's tons of unproductive stuff you can make it do. This should all be a given at $650.

Here's what's irritating me. The 3G service. AT&T's network double-live sucks. Period. I've not found a non-AT&T employee who thinks otherwise. It stinks on ice. It is biblically bad. Epic fail. I have a drawer full of retired BlackBerry devices and a building full of similarly disgruntled coworkers to prove it.

The 3G part of this iPad is so God-awfully slow, I've considered taking advice from Sleep Talkin' Man and eat a blend of razors & lemons rather than wait for it to load web pages or start Apps with an internet dependency. Again, on WiFi, it's quick. 3G, not so much.

What I find most interesting of all, is the signal strength meter. I've yet to see the iPad report anything fewer than five bars (5 bars for Googlers) of service. Ever. My BlackBerry shows between one and five most times, and it fluctuates a lot. It's hardly ever five, even right next to the iPad, which seems almost programmatically indifferent to the reality of long range CDMA radio transmissions.

Had I yet another device with the capability to quickly take an image of my BlackBerry and iPad together, or better yet, a video, I'd post it. But, as with all things, I realize I'm not ever going to be the first to experience something and be irritated by it if it's bad, so I don't even bother looking for other examples online. I just decide to let this post serve as a stand-alone testimony to the crappiness of the AT&T network, and the literally laughably optimistic character of the iPad when it comes to how good the 3G signal is. Everywhere. AT&T may cover 97% of the U.S., but the iPad has 5 bars of 3G coverage in 100% of places that have any 3G coverage at all. Remarkable.

Anyway, the experiment with the iPad is distracting and irritating because I don't want one personally and wouldn't spend that kind of money even if I did, and I know that the person who will ultimately use this will curse it to eternal damnation because it cannot read their minds and it is mediocre at best when it comes to brewing tea and they are already sick of bullshit, and it will undoubtedly be me who has to answer the "how do I do this" call from memory. Sigh.